Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-08 CVE-2015-6434 Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2)
Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856.
network
low complexity
cisco CWE-79
6.1
2016-01-08 CVE-2015-6433 SQL Injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225)
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
network
low complexity
cisco CWE-89
6.5
2016-01-06 CVE-2015-6646 Resource Management Errors vulnerability in Google Android 6.0
The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different vulnerability than CVE-2015-7613.
local
low complexity
google CWE-399
6.2
2016-01-06 CVE-2015-6645 Permissions, Privileges, and Access Controls vulnerability in Google Android
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
local
low complexity
google CWE-264
5.0
2016-01-06 CVE-2015-6643 Permissions, Privileges, and Access Controls vulnerability in Google Android 5.1.1/6.0/6.0.1
Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
low complexity
google CWE-264
6.6
2016-01-06 CVE-2015-5310 Information Exposure vulnerability in Google Android
The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.
low complexity
google CWE-200
4.3
2016-01-05 CVE-2015-5447 Cross-site Scripting vulnerability in HP Storeonce Backup System Software 3.13.0
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
hp CWE-79
5.4
2016-01-05 CVE-2015-5434 Permissions, Privileges, and Access Controls vulnerability in HP products
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
network
low complexity
hp CWE-264
6.5
2016-01-05 CVE-2014-5040 Permissions, Privileges, and Access Controls vulnerability in Eucalyptus 4.1.1/4.2.0
HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID.
network
high complexity
eucalyptus CWE-264
6.8
2016-01-04 CVE-2015-8742 Improper Input Validation vulnerability in Wireshark 2.0.0
The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
local
low complexity
wireshark CWE-20
5.5